Security Content on InfoQ
-
Cloud Computing Roundtable
In this IEEE panel discussion article, guest editors Ivan Arce and Anup Ghosh facilitated the discussion on cloud computing security risks. The panelists are Eric Grosse (Google Security), John Howie (Microsoft), James Ransome (Cisco), Jim Reavis (Cloud Security Alliance) and Stephen Schmidt (Amazon Web Services).
-
Application Security With Apache Shiro
Apache Shiro is a Java security framework that provides a simple but powerful approach to application security. This article introduces the framework and explains Apache Shiro's project goals, its architectural philosophies and how you might use Shiro to secure your own applications.
-
Brian Chess on Static Code Analysis
Building security into software applications from the initial phases of the development process is critical. Static code analysis gives developers the ability to review their code, without actually executing it, to uncover potential security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other security assessment techniques such as penetration testing.
-
Matt Tesauro on OWASP Web Testing Environment (WTE) Project
The Web Testing Environment (WTE) project, part of the Open Web Application Security Project (OWASP), makes application security tools available to application developers and QA testers. InfoQ caught up with WTE project lead Matt Tesauro to learn more about the project's background, its current state, the various tools it supports and its future road map.
-
Interview and Book Excerpt: Masoud Kalali’s GlassFish Security
The GlassFish Security book, by Masoud Kalali, covers the Java EE security model and how to design and develop secure Web and EJB modules in Java EE applications and deploy them to a GlassFish server environment. InfoQ spoke with Masoud about the book and the new security features in the Java EE 6 release.
-
Bryan Sullivan on Security Development Lifecycle
The Security Development Lifecycle (SDL), developed at Microsoft, is a security assurance process with a focus on software development. It introduces security and privacy aspects into all phases of the software development process. InfoQ spoke with Bryan Sullivan from the SDL team about the current state and future road map of the framework.
-
Authorizing Process Access and Execution with JBoss jBPM
Centralized BPM deployments can greatly benefit from the ability to control access to process definitions and instances, ensuring that users can use and monitor only the set of processes they are authorized for. In this article Boris Lublinsky shows how to extend JBoss jBPM to define and support process access authorization.
-
Wonderland Of SOA Governance
Michael Poulin elaborates on the differences between governance and management and explores the 'wonderland' of governance in a service-oriented environment. He defines SOA Governance, explores the relationship between governance and enterprise architecture, discusses accountability and ownership of governance efforts, and shows how practitioners can instrument SOA governance.
-
Enhanced Detection of Malware
This article, from Intel, discusses significant new threats to host agents, outlines a generic architecture for malware detection based on enhanced cloud computing, describes how Intel platform technologies can be used to enhance computing solutions, and ends with a threat analysis of the approaches presented. Malware that masks its presence from traditional security agents is the article's focus.
-
Encrypting the Internet
The authors, from Intel, offer a three-pronged approach to providing secure transmission of high-volume HTML traffic: new CPU instructions to accelerate cryptographic operations; a novel implementation of the RSA algorithm to accelerate public key encryption; and using SMT to balance web server and cryptographic operations. Their approach, they claim, leads to significant cost savings.
-
The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware
Botnets are the latest scourge to hit the Internet. This article defines a botnet (a collection of distributed computers or systems that have been taken over by rogue software), examines the botnet life cycle, and presents several promising anti-botnet defense strategies, including canary detectors, white lists, and malware traces.
-
The First Few Milliseconds of an HTTPS Connection
What exactly happens when an HTTPS connection is established? This article analyzes, down to the byte, the data exchanged between the browser and the server in order to set up a secured connection.